New Investigation Shows A US Journalist Critical Of The Saudi Government Was Hit With NSO Spyware

from the truly-an-unsurprising-development dept

Malware merchant NSO Group's year of embarrassment continues. Leaked data published in July appeared to show NSO malware (namely its phone-hijacking malware Pegasus) had been used to target dissidents, journalists, religious leaders, and prominent politicians.

NSO reacted by first claiming the data showed nothing of the sort or at least was unrelated to its malware and its customers. Then it made contradictory claims, saying it terminated contracts when it discovered abuse of its products and that it had no visibility into its customers' actions. Puzzling.

Then things somehow got worse. Countries accused of using NSO Group malware to target critics and journalists decided to sue critics and journalists. Israel's government opened an investigation into the Israeli company. Another investigation found the government of Bahrain was engaging in exactly the kind of abuse NSO claimed it didn't allow. And, thanks to some pretty ugly divorce proceedings, it came to light that the Dubai's king had used the malware to spy on his ex-wife and her lawyer.

The debacle continues. An investigation by Citizen Lab -- which has uncovered previous misuse of NSO's software -- reveals an American journalist was targeted multiple times by NSO's hacking tools.

New York Times journalist Ben Hubbard was repeatedly targeted with NSO Group’s Pegasus spyware over a three-year period from June 2018 to June 2021. The targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman.

The investigators aren't sure who targeted Hubbard, but they do note that complaining to NSO about being targeted in violation of the company's guidelines has zero deterrent effect on future targeting.

The targeting resulted in Pegasus infections in July 2020 and June 2021. Notably, these infections occurred after Hubbard complained to NSO Group that he was targeted by the Saudi-linked KINGDOM Pegasus operator in June 2018.

While it would seem the most likely suspect is the Saudi government (or perhaps the prince himself, given what we now know about individual misuse of NSO spyware), Citizen Lab doesn't have enough information to definitively say who's behind the second round of targeting. And, given government/government officials' willingness to sue journalists over accusations of spying, Citizen Lab is wise to play it safe when it comes to attribution.

The in-depth report is worth reading, detailing how Citizen Lab arrived at these conclusions, as well as noting the similarities between these attacks (which utilized both malicious links and zero-click exploits) and ones observed targeting a Saudi activist earlier this year. And it shows NSO is still months away from being able to put this in the rearview mirror. A change of culture is needed at NSO and it needs to cancel all contracts with countries whose governments whose abuses of human rights and hacking tools have already been the subject of years of reporting.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ben hubbard, malware, pegasus, spyware, surveillance
Companies: citizen lab, nso


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Pixelation, 25 Oct 2021 @ 1:46pm

    Rotten

    When it comes to Saudi Crown Prince Mohammed bin Salmon, something is definitely fishy.

    Too bad the US government is so far up the Saudi's ass, they haven't done anything about the killing of Kashoggi.

    link to this | view in thread ]

  2. icon
    That Anonymous Coward (profile), 25 Oct 2021 @ 2:44pm

    Whatever happened to trust but verify?
    So far every single one of NSO's claims have been lies & debunked.
    It really shouldn't take it coming out that someone used NSO to target Bebe, before they decide perhaps they need a closer look at whats happening over there.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 25 Oct 2021 @ 4:05pm

    Government abuse of malware...

    "We refuse to have as a client any government that wants to use our products."
    -- Malware by Marx, est 1949

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 25 Oct 2021 @ 4:29pm

    A change of culture is needed at NSO

    A change not unlike the Late Bronze Age Collapse, one might think.

    link to this | view in thread ]

  5. identicon
    Pixelation, 25 Oct 2021 @ 5:37pm

    At what point...

    Does NSO group become listed as a terrorist organization?

    link to this | view in thread ]

  6. icon
    Upstream (profile), 26 Oct 2021 @ 1:35am

    Re: At what point...

    At the same point NSO Group stops letting corrupt governments / corrupt government officials use their malware.

    link to this | view in thread ]

  7. icon
    That One Guy (profile), 26 Oct 2021 @ 1:42pm

    'Are they still paying us? Yes? Then what's the problem?'

    And it shows NSO is still months away from being able to put this in the rearview mirror. A change of culture is needed at NSO and it needs to cancel all contracts with countries whose governments whose abuses of human rights and hacking tools have already been the subject of years of reporting.

    Objection, premise assumes that the company actually cares about what it's product is being used for beyond how it might look for them when those actions come to light.

    link to this | view in thread ]

  8. icon
    That One Guy (profile), 26 Oct 2021 @ 1:43pm

    Re: At what point...

    As Upstream noted when it ceases to be useful to a sufficient number of powerful governments, politicians and private individuals and not a second sooner.

    link to this | view in thread ]

  9. icon
    Bill Poser (profile), 26 Oct 2021 @ 6:00pm

    there's no puzzle

    There is no contradiction between NSO's claim that it has no visibility into its clients' use of its product and its claim that it terminates contracts when it discovers abuse. It is entirely possible that in the course of normal operations they do not see what their clients are doing but that, if third parties disclose credible evidence of abuse, NSO terminates the contract.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 26 Oct 2021 @ 8:42pm

    Re: there's no puzzle

    if third parties disclose credible evidence of abuse, NSO terminates the contract.

    Do they? Doesn't look like it.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.